Application No. 10/817,124 

Amendment dated March 12, 2008 

After Final Office Action of November 15, 2007 



Docket No. 08223/1200330US2 



AMENDMENTS TO THE CLAIMS 

1 . (Currently Amended) A method for tracing content in a highly distributed 
system, comprising: 

receiving content associated with a content owne r from a first entity in the 
highly distributed system : 

decrypting the received content bv a second entity that received the 
content from the first entity ; 

determining a self-identifier that uniquely identifies an entity decrypting 

the content; 

modifying the decrypted conten t bv the second entity by embedding at 
least one of a fingerprint or a watermark into the decrypted content, wherein the 
fingerprint or watermark is generated, in part, from the self-identifier; 

encrypting the modified conten t by the second entity ; 

wrapping the encrypted modified content together with the self-identifier 
using an access key; and 

providing a set of information to the content owner, wherein the set of 
information enables the content owner to trace the content in the highly distributed 
system. 

2. (Previously Presented) The method of claim 1 , wherem decrypting the 
received content fiirther comprises: 

obtaining a different access key out-of-band, wherein the different access 
key is uniquely associated with the entity decrypting the content and a sender of the 
content; and 

employing the different access key to unwrap the received content before 
decrypting the received content. 

3 . (Previously Presented) The method of claim 1 , wherein the fingerprint or 
watermark is further generated based on another self-identifier that uniquely identifies a 
downstream market recipient of the content. 
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4. (Previously Presented) The method of claim 1, wherein the self-identifier 
is digitally signed by an encryption key associated with the entity decrypting the content. 

5. (Previously Presented) The method of claim 1, wherein the self-identifier 
fiirther comprises at least one of a serial nixmber, and a time stamp indicating 
approximately when the content is decrypted. 

6. (Previously Presented) The method of claim 1 , wherein the set of 
infonnation further comprises at least one of traceability information, a time stamp, an 
identifier, and registration information associated with at least one of the content and the 
entity decrypting the content. 

7. (Previously Presented) The method of claim 1 , fiirther comprising: 
providing the wrapped encrypted modified content and self-identifier to a 

downstieam market recipient; 

decrypting, by the downstream market recipient, the received modified 

content; 

fijrther modifying the decrypted modified content by embedding another 

fingerprint or watermark into the modified content, wherein the other fingerprint or 
watermark is generated in part Irom another self-identifier that uniquely identifies tiie 
downstream market recipient that decrypts the modified content; 
encrypting the fiirther modified content; and 

wrapping the encrypted further modified content together with the self- 
identifier that uniquely identifies the entity decrypting tiie content and the self-identifier 
that uniquely identifies the downstream market recipient 

8 . (Previously Presented) The method of claim 1 , wherein determining the 
access key further comprises receiving the access key employing an out-of-band 
mechanism. 
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9. (Previously Presented) The method of claim 1, wherein wrapping the 
encrypted modified content further comprises digitally signing the encrypted modified 
content. 

10. (Previously Presented) The method of claim 1, wherein the access key 
employs a public key infrastructure. 

1 1 . (Original) The method of claim 1 , wherein the content is at least one of a 
subscription television, movies, interactive video games, video conferencing, audio, still 
images, text, graphics. 

12. (Currently Amended) A security device for tracing content in a highly 
distributed system, comprising: 

a receiver configured to receive and decrypt encrypted c ontent associated 
with a content owner; 

a fingerprinter-waterraarker configured to perform actions including: 

determining a self-identifier that imiquely identifies a rocipiont of 
the security device decrvptmg the content; 

generating a fingerprint, in part, fi-om the self-identifier; and 
watermarking the content by the security device by employing the 

fingerprint; and 

a forensics interface configured to send information associated with the 
watermarked content to the content owner. 

13. (Previously Presented) The security device of Claim 12, further 
comprising: 

a key wrap, coupled to the fingerprinter-watermarker, that is configured to 
perform actions, including: 



{S:\08223\1200330-US2\80144507.DOCI 



} 



4 



Application No. 10/817,124 Docket No. 08223/1200330US2 

Amendment dated March 12, 2008 

After Final Office Action of November 15, 2007 

receiving an access key associated with the recipient of the 

content; and 

wrapping the content together with the self-identifier employing 

the access key. 

1 4. (Original) The security device of claim 1 3, 'wherein the access key is 
received employing an out-of-band mechanism. 

15. (Original) The security device of claim 12, wherein the recipient is at le^t 
one of an aggregator, a service operator, and a user. 

16. (Original) The security device of claim 12, wherein the information 
associated with the watermarked content comprises at least one of traceability 
information, a time stamp, an identifier, and registration information associated with at 
least one of the content and the recipient of the content. 

17. (Original) The security device of claim 12, further comprising: 
a data store configured to store decrypted content; and 

a fingerprinted-watermarked content data store configured to store 
encrypted content, 

1 8. (Currently Amended) A network device for managing content in a highly 
distributed system, comprising: 

a transceiver that is arranged to receive and to send content to another 
network device; and 

at least one processor that is configured to execute program code to 

perform actions, including: 

receiving a first wrapper of content firom a first market participant 

sent to a second market participant that is associated with the network device, the 

wrapper including encrypted content, a first identifier that uniquely identifies the first 

market participant, and a content key, AAdierein the encrypted content, content key, and 
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unique first identifier are together encrypted into the first wrapper using an access key 
associated with the network device; 

decrypting the first wrapper using the access ke y at the network 
device of the second market participant ; 

decrypting the encrypted content using the decrypted content key 
at the network device of the second market participant : 

generating at least one of a fingerprint or a watermark that 
uniquely identifies the second market participant; 

marki ng at the network device of the second market participant the 
decrypted content by embedding the fingerprint or watermark into the decrypted content; 

encryptin g at the network device of the second market participant 
the marked content using the content key; 

generating a second wrapper that wraps together the content key, 
the encrypted marked content, the first unique identifier, and a second unique identifier 
that uniquely identifies the second market participant, using an access key associated 
with a third market participant; and 

transmitting the second wrapper to the third market participant. 

1 9. (Previously Presented) The network device of claim 1 8, wherein the second 
unique identifier further includes a time stamp that further indicates when the second 
wrapper is created. 

20. (Currently Amended) An apparatus for tracing content in a highly 
distributed system, comprising: 

[[a]] means for receivin g at the apparatus content associated with a content 

owner; 

[[a]] decryption means for decrypting the received content by the 

apparatus : 

means for determining an identifier that uniquely identifies the apparatus 
that received the content and has decrypted entity decrypting the content; 
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means for modifying the decrypted content by the apparatus by embedding 
at least one of a fingerprint or watermark generated from the unique identifier into the 
decrypted content; 

means for wrapping the modified content; 

[[a]] means for determining a set of information associated with the 
decryption of the content; and 

[[a]] means for providing the set of information to the content owner. 



{S:\08223\1200330-US2\80144507.DOCI 



} 



7 



